freeipa.ansible_freeipa.ipaautomember (1.11.1) — module

Add and delete FreeIPA Auto Membership Rules.

Authors: Mark Hahl (@mhahl), Jake Reynolds (@jake2184), Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  # Exact version pin: galaxy installs this release, not the newest available.
  collections:
    - name: 'freeipa.ansible_freeipa'
      version: '1.11.1'

Description

Add, modify and delete IPA Auto Membership Rules.

Usage examples

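# Ensure an automember rule exists.
# ipaadmin_password is a documentation placeholder: in a real playbook pass it
# from an Ansible Vault-encrypted variable instead of committing the admin
# password in clear text.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    name: admins
    description: "example description"
    automember_type: group
    state: present
    inclusive:
      # `expression` is a regular expression, not a literal string. An
      # unescaped "." matches any character, and the pattern is presumably
      # searched for anywhere in the value (confirm for your IPA version), so
      # a bare "example.com" selects more mail addresses than the one domain.
      # Escaping the dot and anchoring on "@" and end-of-value limits
      # auto-enrolment into "admins" to that domain; widen it deliberately if
      # subdomains are meant to match.
      - key: "mail"
        expression: '^.*@example\.com$'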
# Remove the automember rule named "admins".
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    automember_type: 'group'
    name: 'admins'
    description: 'my automember rule'
    state: 'absent'
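# Add an inclusive condition to an existing rule.
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: SomeADMINpassword
    name: "My domain hosts"
    automember_type: hostgroup
    action: member
    inclusive:
      # The expression is a regex. In ".*.mydomain.com" the unescaped dots
      # match any character, so a name like "host-mydomain.com" satisfies it,
      # and without a trailing anchor a longer name that merely contains the
      # pattern presumably matches too (confirm for your IPA version).
      # Escaped dots plus ^...$ restrict the hostgroup to hosts whose FQDN
      # really ends in ".mydomain.com".
      - key: fqdn
        expression: '^.*\.mydomain\.com$'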
# Rebuild automember group membership for every user.
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    state: 'rebuilt'
    automember_type: 'group'
# Rebuild automember membership for the listed users only.
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    state: 'rebuilt'
    users: ['user1', 'user2']
# Rebuild automember hostgroup membership for every host.
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    state: 'rebuilt'
    automember_type: 'hostgroup'
# Rebuild automember membership for the listed hosts only.
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    state: 'rebuilt'
    hosts:
      - 'host1.mydomain.com'
      - 'host2.mydomain.com'
# Set "fallback_group" as the default group for all unmatched group entries.
# Every entry that no rule matches lands in this group, so keep it free of
# privileges.
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    default_group: 'fallback_group'
    automember_type: 'group'
# Clear the default group for unmatched group entries (empty value + absent).
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    automember_type: 'group'
    state: 'absent'
    default_group: ''
# Set "fallback_hostgroup" as the default hostgroup for all unmatched entries.
# Every entry that no rule matches lands in this hostgroup, so keep it free of
# privileges.
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    default_group: 'fallback_hostgroup'
    automember_type: 'hostgroup'
# Clear the default hostgroup for unmatched entries (empty value + absent).
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    state: 'absent'
    default_group: ''
    automember_type: 'hostgroup'
# Remove all orphan automember rules of type "group".
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    state: 'orphans_removed'
    automember_type: 'group'
# Remove all orphan automember rules of type "hostgroup".
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential: supply the real value from a vaulted variable.
    ipaadmin_password: 'SomeADMINpassword'
    state: 'orphans_removed'
    automember_type: 'hostgroup'

Inputs

    
# Option reference for ipaautomember, one top-level key per module option.
name:
  description: The automember rule
  type: list
  elements: str
  required: false
  aliases:
    - cn

hosts:
  description: Hosts to rebuild membership for.
  type: list
  elements: str
  required: false

state:
  description: State to ensure
  type: str
  default: present
  choices:
    - present
    - absent
    - rebuilt
    - orphans_removed

users:
  description: Users to rebuild membership for.
  type: list
  elements: str
  required: false

action:
  description: Work on automember or member level
  type: str
  default: automember
  choices:
    - member
    - automember

# With no_wait the task does not wait for the rebuild, so later tasks should
# not assume memberships are already up to date.
no_wait:
  description: "Don't wait for rebuilding membership."
  type: bool

# `expression` is a regex applied to the attribute named by `key`. Escape
# literal dots and anchor the pattern where an exact match is intended, so the
# condition does not cover more entries than planned.
exclusive:
  description: List of dictionaries containing the attribute and expression.
  type: list
  elements: dict
  aliases:
    - automemberexclusiveregex
  suboptions:
    key:
      description: The attribute of the regex
      type: str
      required: true
    expression:
      description: The expression of the regex
      type: str
      required: true

# Same regex semantics as `exclusive`: an over-broad inclusive expression adds
# unintended users or hosts to the target group.
inclusive:
  description: List of dictionaries containing the attribute and expression.
  type: list
  elements: dict
  aliases:
    - automemberinclusiveregex
  suboptions:
    key:
      description: The attribute of the regex
      type: str
      required: true
    expression:
      description: The expression of the regex
      type: str
      required: true

description:
  description: A description of this auto member rule
  type: str
  required: false

# Receives every entry that no rule matches, so it should not carry
# privileges.
default_group:
  description: Default (fallback) group for all unmatched entries.
  type: str

ipaapi_context:
  description: |
    The context in which the module will execute. Executing in a
    server context is preferred. If not provided context will be
    determined by the execution environment.
  type: str
  required: false
  choices:
    - server
    - client

automember_type:
  description: Grouping to which the rule applies
  type: str
  required: false
  choices:
    - group
    - hostgroup

# Secret value: pass it from an Ansible Vault-encrypted variable rather than a
# literal in the playbook. This listing does not show whether the module masks
# it in logs (no_log) - confirm in the module source. NOTE(review): it is not
# required; presumably an existing Kerberos credential is used when it is
# omitted - confirm.
ipaadmin_password:
  description: The admin password.
  type: str
  required: false

ipaapi_ldap_cache:
  description: Use LDAP cache for IPA connection.
  type: bool
  default: true

# Defaults to the admin account. Where available, a dedicated principal that
# holds only the rights needed for automember changes is the narrower choice.
ipaadmin_principal:
  description: The admin principal.
  type: str
  default: admin